import pool from '@/lib/db';
import bcrypt from 'bcryptjs';

export async function POST(req) {
  const { token, newPassword } = await req.json();
  if (!token || !newPassword) {
    return Response.json({ error: '参数不完整' }, { status: 400 });
  }
  const { rows } = await pool.query('SELECT * FROM password_reset_tokens WHERE token = $1', [token]);
  const record = rows[0];
  if (!record || record.expires < new Date()) {
    return Response.json({ error: '重置链接无效或已过期' }, { status: 400 });
  }
  const hash = await bcrypt.hash(newPassword, 10);
  await pool.query('UPDATE users SET password = $1 WHERE id = $2', [hash, record.user_id]);
  await pool.query('DELETE FROM password_reset_tokens WHERE token = $1', [token]);
  return Response.json({ success: true });
} 